Lindqvist -- a blog about Linux and Science. Mostly.: debian

Showing posts with label debian. Show all posts

15 April 2013

389. Patches for NWChem 6.1.1 on Debian Wheezy/Testing

There are a couple of issues with the current version of NWChem (27th of June 2012):
* PSPW is broken when NWChem is compiled with/run on systems with gcc 4.7 (here)
* Python support requires patching to include -lz -lssl (here)
* for GabEdit to work more detail needs to be printed (here)

To fix all those issues in one go, do the following:

1. Copy the text at the end of the post, and paste it into a file, e.g. diff.patch.

2. Put the patch file in NWCHEM_TOP (i.e. the root of the source code) e.g. /opt/nwchem/nwchem-6.1.1
If you are patching a previously compiled version of nwchem then do

patch -p0 < diff.patch
export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=`pwd`
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all python"
export PYTHONVERSION=2.7
export PYTHONHOME=/usr
export BLASOPT="-L/opt/openblas/lib -lopenblas"
export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH=$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/openblas/lib
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
export FC=gfortran
cd $NWCHEM_TOP/src/ddscf
make
cd $NWCHEM_TOP/src/nwdft/scf_dft
make
cd $NWCHEM_TOP/src/mcscf
make
cd $NWCHEM_TOP/src
make link
cd $NWCHEM_TOP/contrib
./getmem.nwchem

If it's a freshly extracted source, otherwise look at http://verahill.blogspot.com.au/2012/09/briefly-compiling-nwchem-611-with.html

Patch:


diff -rupN src.original/config/makefile.h src/config/makefile.h
--- src.original/config/makefile.h 2013-04-15 12:41:45.016853322 +1000
+++ src/config/makefile.h 2013-04-15 12:38:44.933319544 +1000
@@ -1169,7 +1169,7 @@ endif
         FOPTIONS   = -Wextra #-Wunused #-ffast-math
         FOPTIMIZE  = -O2 -ffast-math -Wuninitialized 
         DEFINES  += -DGFORTRAN
-        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
         ifeq ($(_GCC46),Y) 
         DEFINES  += -DGCC46
     endif
@@ -1298,7 +1298,7 @@ endif
          FVECTORIZE=-O3 -ffast-math -mtune=native -mfpmath=sse -msse3 -ftree-vectorize -ftree-vectorizer-verbose=1   -fprefetch-loop-arrays  -funroll-all-loops 
 #         FOPTIMIZE=-O1
 #         FVECTORIZE=-O1
-       _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+       _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
        ifeq ($(_GCC46),Y) 
          DEFINES  += -DGCC46
        endif
@@ -1890,7 +1890,7 @@ endif
           FOPTIONS +=  -ff2c -fno-second-underscore
         endif
         DEFINES  += -DCHKUNDFLW -DGCC4
-        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
         ifeq ($(_GCC46),Y) 
           DEFINES  += -DGCC46
         endif
@@ -1954,7 +1954,7 @@ endif
 
      ifeq ($(BUILDING_PYTHON),python)
 #   EXTRA_LIBS += -ltk -ltcl -L/usr/X11R6/lib -lX11 -ldl
-     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl
+     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl -lssl -lz
   LDOPTIONS = -Wl,--export-dynamic 
      endif
 ifeq ($(NWCHEM_TARGET),CATAMOUNT)
diff -rupN src.original/ddscf/movecs_pr_anal.F src/ddscf/movecs_pr_anal.F
--- src.original/ddscf/movecs_pr_anal.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/movecs_pr_anal.F 2013-04-15 12:23:28.100409225 +1000
@@ -195,7 +195,7 @@ c
  22         format(1x,2('  Bfn.  Coefficient  Atom+Function  ',5x))
             write(LuOut,23)
  23         format(1x,2(' ----- ------------  ---------------',5x))
-            do klo = 0, min(n-1,9), 2
+            do klo = 0, min(n-1,199), 2
                khi = min(klo+1,n-1)
                write(LuOut,2) (
      $              int_mb(k_list+k)+1, 
diff -rupN src.original/ddscf/rohf.F src/ddscf/rohf.F
--- src.original/ddscf/rohf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/rohf.F 2013-04-15 12:23:28.100409225 +1000
@@ -153,7 +153,7 @@ c
             ilo = 1
             ihi = nmo
          endif
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'ROHF Final Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
diff -rupN src.original/ddscf/scf_vec_guess.F src/ddscf/scf_vec_guess.F
--- src.original/ddscf/scf_vec_guess.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/scf_vec_guess.F 2013-04-15 12:23:28.100409225 +1000
@@ -505,19 +505,19 @@ c
          nprint = min(nclosed+nopen+30,nmo)
          if (scftype.eq.'RHF' .or. scftype.eq.'ROHF') then
             call movecs_print_anal(basis, 1,
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'ROHF Initial Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
          else
             nprint = min(nalpha+20,nmo)
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'UHF Initial Alpha Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs(2), 
+     &           nprint, 0.01d0, g_movecs(2), 
      &           'UHF Initial Beta Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      &           .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/ddscf/uhf.F src/ddscf/uhf.F
--- src.original/ddscf/uhf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/uhf.F 2013-04-15 12:23:28.096409414 +1000
@@ -144,11 +144,11 @@ C
          enddo
          ihi = max(ihi-1,1)
  9611    continue
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'UHF Final Alpha Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs(2), 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs(2), 
      $        'UHF Final Beta Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      $        .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/mcscf/mcscf.F src/mcscf/mcscf.F
--- src.original/mcscf/mcscf.F 2013-04-15 12:41:45.000854073 +1000
+++ src/mcscf/mcscf.F 2013-04-15 12:23:23.748613695 +1000
@@ -680,7 +680,7 @@ c
       if (util_print('final vectors analysis', print_default))
      $     call movecs_print_anal(basis, 
      $     max(1,nclosed-10), min(nbf,nclosed+nact+10),
-     $     0.15d0, g_movecs, 'Analysis of MCSCF natural orbitals',
+     $     0.01d0, g_movecs, 'Analysis of MCSCF natural orbitals',
      $     .true., dbl_mb(k_evals), .true., int_mb(k_sym), 
      $     .true., dbl_mb(k_occ))
 c     
diff -rupN src.original/nwdft/scf_dft/dft_mxspin_ovlp.F src/nwdft/scf_dft/dft_mxspin_ovlp.F
--- src.original/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:41:45.604825677 +1000
+++ src/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:23:28.228403211 +1000
@@ -184,14 +184,14 @@ c
       call ga_sync()
 c
       call movecs_print_anal(basis,int_mb(k_non),int_mb(k_non)
-     & ,0.15d0,g_alpha,'Alpha Orbitals without Beta Partners',
+     & ,0.01d0,g_alpha,'Alpha Orbitals without Beta Partners',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
       if (nct.GE.2) then
       do i = 2,nct
       ind = int_mb(k_non+i-1)
       call movecs_print_anal(basis,ind,ind
-     & ,0.15d0,g_alpha,' ',
+     & ,0.01d0,g_alpha,' ',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
       enddo
       endif
@@ -350,7 +350,7 @@ c      endif
 c      endif
 c 9990 format(/,18x,'THERE ARE',i3,1x,'UN-PARTNERED ALPHA ORBITALS')
 c
-       call movecs_print_anal(basis, 1, nalp, 0.15d0, g_ualpha,
+       call movecs_print_anal(basis, 1, nalp, 0.01d0, g_ualpha,
      & 'Alpha Orb. w/o Beta Partners (after maxim. alpha/beta overlap)',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
diff -rupN src.original/nwdft/scf_dft/dft_scf.F src/nwdft/scf_dft/dft_scf.F
--- src.original/nwdft/scf_dft/dft_scf.F 2013-04-15 12:41:45.608825490 +1000
+++ src/nwdft/scf_dft/dft_scf.F 2013-04-15 12:23:28.228403211 +1000
@@ -1733,7 +1733,7 @@ c
             else
                blob='DFT Final Beta Molecular Orbital Analysis' 
             endif
-            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.15d0, 
+            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.01d0, 
      &           g_movecs(ispin), 
      &           blob, 
      &           .true., dbl_mb(k_eval(ispin)), oadapt, 
diff -rupN src.original/nwdft/scf_dft_cg/dft_cg_solve.F src/nwdft/scf_dft_cg/dft_cg_solve.F
--- src.original/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:41:45.612825303 +1000
+++ src/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:23:28.220403588 +1000
@@ -164,7 +164,7 @@ c
             blob = 'DFT Final Beta Molecular Orbital Analysis'
           endif
           call movecs_fix_phase(g_movecs(ispin))
-          call movecs_print_anal(basis, ilo, ihi, 0.15d0,
+          call movecs_print_anal(basis, ilo, ihi, 0.01d0,
      &         g_movecs(ispin),blob,
      &         .true., dbl_mb(k_eval+(ispin-1)*nbf),
      &         oadapt, int_mb(k_irs+(ispin-1)*nbf),

388. NWChem, PSPW and Fortran runtime error

I'm following this post: http://www.emsl.pnl.gov/docs/nwchem/nwchem-support/2012/12/0024.Re:_NWCHEM_errors_in_running_nwchem-6.1.

The issue:
If, on debian testing/wheezy 64 bit with gcc 4.7, you run the following using NWChem 6.1.1


Title "boric acid"
Start  boric

echo

charge 0

geometry autosym units angstrom
 B     0.00000     0.00000     0.00000
 O     -4.93432e-17     1.55000     0.00000
 H     1.06537     1.92667     0.00000
 O     1.34234     -0.775000     0.00000
 H     1.13586     -1.88597     0.00000
 O     -1.34234     -0.775000     0.00000
 H     -2.20123     -0.0406974     0.00000
end

ecce_print ecce.out

nwpw
  mult 1
  xc pbe96
  cutoff 90.0
  np_dimensions -1  -1  
  tolerances 1e-7  1e-7
  car-parrinello
    nose-hoover 1.000000e+03 2.981500e+02 1.000000e+03 2.981500e+02
    time_step 0.500000e+00
    fake_mass 1.000000e+02
    loop 10 100 
    scaling 1.000000e+00 1.000000e+00
  end 
end

task pspw energy
task pspw car-parrinello

You'll end up with


****************************************************
          *                                                  *
          *               NWPW PSPW Calculation              *
          *                                                  *
          *  [ (Grassman/Stiefel manifold implementation) ]  *
          *                                                  *
          *      [ NorthWest Chemistry implementation ]      *
          *                                                  *
          *            version #5.10   06/12/02              *
          *                                                  *
          *    This code was developed by Eric J. Bylaska,   *
          *    and was based upon algorithms and code        *
          *    developed by the group of Prof. John H. Weare *
          *                                                  *
          ****************************************************
     >>>  JOB STARTED       AT Mon Apr 15 10:05:42 2013  <<<
          ================ input data ========================
  library name resolved from: compiled reference
  NWCHEM_NWPW_LIBRARY set to: 
Generating 1d pseudopotential for B
At line 649 of file psp_generator_input.F (unit = 99, file = './junk.inp')
Fortran runtime error: Sequential READ or WRITE not allowed after EOF marker, possibly use REWIND or BACKSPACE
--------------------------------------------------------------------------
mpirun has exited due to process rank 0 with PID 28100 on
node neon exiting without calling "finalize". This may
have caused other processes in the application to be
terminated by signals sent by mpirun (as reported here).
-------------------------------------------------------------------------

The fix
/opt/nwchem/nwchem-6.1.1-src is the NWCHEM_TOP of my particular nwchem source. See e.g. here for build instructions in general and not that e.g. BLASOPT settings etc. correspond to what I need on my system. Modify as necessary.

cd /opt/nwchem/nwchem-6.1.1-src/
wget http://www.nwchem-sw.org/images/Makefile.h.gcc46.patch.gz
gunzip Makefile.h.gcc46.patch.gz
patch -p0 < Makefile.h.gcc46.patch
cd src/nwpw/
touch `egrep -l GCC46 */*/*F`

export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=/opt/nwchem/nwchem-6.1.1-src
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all"
export PYTHONHOME=/usr
export BLASOPT="-L/opt/acml/acml5.2.0/gfortran64_fma4_int64/lib -lacml"
export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH="$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/acml/acml5.2.0/gfortran64_fma4_int64/lib"
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
export FC=gfortran
make 
cd ../
make link
./getmem.nwchem

Because we just relink instead of recompiling from scratch, recompiling is fairly quick (2-3 minutes in total)

Testing

It now continues as it should:


================ input data ========================
  library name resolved from: compiled reference
  NWCHEM_NWPW_LIBRARY set to: 
Generating 1d pseudopotential for B

and everything is good from there-on.

NOTE: you need to delete the output files from any previous run, or you might end up with errors during the Car-Parrinello portion (e.g.

At line 170 of file MOTION.F (unit = 19, file = './boric.ion_motion')
Fortran runtime error: Sequential READ or WRITE not allowed after EOF marker, possibly use REWIND or BACKSPACE

)

Stay tuned...
What remains for me is to start collecting the patches that are needed for nwchem to work properly (from my perspective -- I only have to support myself and my debian boxes, not a heterogeneous set of users with equally heterogeneous hardware, so my job is easier than that of the nwchem devs) so that installing and upgrading nwchem becomes less painful (yes, I've been patching by hand up till now...).

The issues that need to be patched are:
* including libz and libssl on debian when building with python support (e.g. step 1 in this post)
* changing the details in the output to support gabEdit (e.g. this post)
* patching for GCC 4.7 (i.e. what you've just read)

Update: The post is here now: http://verahill.blogspot.com.au/2013/04/389-patches-for-nwchem-611-on-debian.html

387. Compiling Wine 1.5.28 in a i386 chroot on Debian Wheezy amd64

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

UPDATE: for those who don't want to compile and are willing to take a minor risk* there are pre-built debs for mepis here: http://main.mepis-deb.org/mepiscr/testrepo/pool/test/w/wine/
They are provided by Steve Pusser, who is an active member at the debian forums.

* I presume, but don't actually know, that they are compatible with debian due to 1) Steve being active on the debian forums and 2) Mepis being based on debian stable (currently Squeeze)

Original post

New version of wine out now: 1.5.28.

Not much to get excited about from what I can tell, but wine now relies on GnuTLS instead of openssl.

Here's how to build it -- a lot of it is shamelessly recycled from earlier posts on this blog.

Getting started:
If you set up a chroot to build 1.5.27 before, you don't need to set up a new chroot to build 1.5.28. In that case, skip the set-up step below and instead re-enter your existing chroot like this:

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

Setting up the Chroot

mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:

apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.28.tar.bz2
tar xvf wine-1.5.28.tar.bz2
cd wine-1.5.28/
./configure
time make -j2
sudo checkinstall --install=no

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: 

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.28
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@beryllium ]
1 -  Summary: [ wine 1.5.28 ]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.28 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ wine-1.5.28 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Compilation took ca 19 minutes. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot

sandbox@beryllium:~/tmp/wine-1.5.28$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it

sudo cp wine32/home/sandbox/tmp/wine-1.5.28/wine_1.5.28-1_i386.deb .
sudo chown $USER wine_1.5.28-1_i386.deb
sudo dpkg -i wine_1.5.28-1_i386.deb

Links to this post:
http://forum.winehq.org/viewtopic.php?f=8&t=18924

12 April 2013

386. Briefly: Lenovo Thinkpad SL410 mute volume key

I'm a bit tired of the mute button on my keyboard not working (anymore?) on Debian Testing/Wheezy, so it was time to have a look at what could be done.

The issue
On an SL410 there are four buttons to the left of the keyboard: mute mic, volume up, volume down and mute.

Neither of them show up when using xev or showkey. The Volume Up and Down keys work, but not the mute mic or mute volume ones.

You can get the keycodes by monitoring dmesg -- pushing Mute volume three times I get

[ 2392.912282] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.447050] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.930206] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000

The problem is that the keycode keeps changing -- the mute key has a different value depending on what the volume is.

mute mic    ?????
vol up/down 0x1439080,0x339080,00,09,13,1b,21,25,29,2d,30,33
mut vol     0x1439000, 339029

Anyway.

Solution

You'll probably find that thinkpad_acpi is loaded:

lsmod|grep thinkpad_acpi

Unload it:

sudo rmmod thinkpad_acpi

Now press the mute button -- did an orange light show under it? That means it's working.

I think the issue is that SL410 isn't a true thinkpad -- it's really an ideapad and the firmware doesn't match.

To make the change permanent,

edit /etc/modprobe.d/thinkpad-blacklist.conf

blacklist thinkpad_acpi

thinkpad_acpi shouldn't load on boot anymore.

Mute mic still doesn't work.

11 April 2013

385. OTPW -- connecting from an insecure computer using one-time passwords

I got inspired to look into this by this post: http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw

The idea of one time passwords is fairly simple -- even if someone manages to keylog your password (or see you type it in) it will be useless to them, as it can only be used once.

The implementation is also fairly simple: if you divide a password in half, and only let one half be static (the prefix) and the other half come from a pre-agreed list (the suffix), you can have a secure way of changing your password in a practical way.

Let's say that I decide that the static, prefix part should be 'ice' and that we make a pre-agreed list of suffices that we can use to make passwords:
001. box
002. flower
003. icle
004. skating
005. fishing

You should print this list and keep it reasonably safe. Without the prefix it is not useful. Likewise, any keylogger on a compromised computer will find out the prefix, but it will be useless without the suffix list. So keep that it in mind -- make sure that no-one gets hold of both.

You then try to log in via ssh from a remote client, and you get prompted for password 004 -- this means that the password you need to use is iceskating.

In real-world applications the suffixes are random, and not at all related to the prefix. Also, once the list has been generated it is not stored (so you better print it) -- only the hashes or the complete passwords are.

Note that the choice isn't really between OTPW and regular static password -- you can use both, just like you can use SSH with both key and password.

Set up
http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw?page=0,2 deals with a number of different use scenarios. I'm only interested in enabling OTPW for remote SSH at this stage i.e. local login is using static passwords by default.

(if you're travelling with a laptop you may consider using OTPW for everything)

You need libpam-otpw. In addition, otpw-bin is useful for generating the suffix/hash list.

sudo apt-get install libpam-otpw otpw-bin

Generate a list of hashes and suffices:

otpw-gen|tee otpw.list

Print the list and delete it afterwards.

You now have a ~/.otpw file filled with hashes.

Create /etc/pam.d/ssh-otpw.


auth           sufficient      pam_otpw.so
session        optional        pam_otpw.so

and edit /etc/pam.d/sshd -- include the ssh-otpw file immediately before common-auth to set the order of log in methods.


auth       required     pam_env.so # [1]
auth       required     pam_env.so envfile=/etc/default/locale

@include ssh-otpw
@include common-auth

account    required     pam_nologin.so

@include common-account
@include common-session

session    optional     pam_motd.so  motd=/run/motd.dynamic noupdate
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password

This way, if there's a ~/.otpw file you'll first be prompted for a one-time password. Otherwise that option will be skipped, so users with and without OTPW can co-exist happily.
In /etc/ssh/sshd_config, set


ChallengeResponseAuthentication yes

and make sure that UsePrivilegeSeparation and UsePAM are also set to yes (should be on Debian Wheezy).

sudo service ssh restart

and that's it!

Testing
To test, use a different computer and try to log in. I've got all my local computers set up to use keys to log in, so I had to to

ssh -o PubKeyAuthentication=no me@beryllium

Password 267:

In my list, 267 was given as

dfuF XE+L

so (pretending that my prefix was ice) my password was icedfuFXE+L.
If you answer that challenge wrong, you'll be asked for your static password instead. If you want to keep that secret, then interrupt the connection and retry.

Easy!

Once you start running out of password, run otpw-gen again for a new list.

05 April 2013

376. Wine 1.5.27 on Debian: i386 chroot

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

Note: Please, if you do have issues actually using the wine binaries built this way, post a comment -- everything is working fine on my systems but I'd like to know exactly what libraries you need to install on the target system to make Wine built in the chroot run to satisfaction.

Preamble: Building wine on Debian Wheezy amd 64 is a PITA at the moment, since some amd64 -dev packages are not co-installable with their i386 counterpart. Such an example is libfreetype6-dev:i386.

If I'm understanding this post correctly I may be confusing the idea behind multiarch vs cross-compiling:


"multiarch provides support for cross-compiling, but we don't have an amd64->i386 cross-compiler - only a biarch (multilib) compiler."

which I interpret to mean that while we generally can compile against 32 bit libs in wheezy using multiarch, it's not necessarily the way it is intended to work (I've never bother to check whether the binaries are 32 bit, or just linked against 32 bit libs). Instead, an alternative way to look at multiarch is that it supports the use of packages linked against 32 bit libs (and puts libraries in arch dependent locations), but not by necessity the compilation of 32 bit binaries (if it does, great). Or maybe I'm wrong. The bottom line is that we might have to accept compiling in a chroot, and then install the 32 bit libs on the target machine to support execution.
I've built wine using chroot in the past, but it was always with the intention of hammering out dependencies.

Getting started:

The Chroot

mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:

apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 libcurl4-openssl-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.27.tar.bz2
cd wine-1.5.27/
./configure
time make -j2
sudo checkinstall --install=no

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: 

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.27
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@beryllium ]
1 -  Summary: [ wine 1.5.27 ]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.27 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ wine-1.5.27 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Compilation took ca 20 minutes. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot

sandbox@beryllium:~/tmp/wine-1.5.27$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it

sudo cp wine32/home/sandbox/tmp/wine-1.5.27/wine_1.5.27-1_i386.deb .
sudo chown $USER wine_1.5.27-1_i386.deb
sudo dpkg -i wine_1.5.27-1_i386.deb

The tricky bit
The question is what 32 bit libs you need on the host system, if any.

ldd /usr/local/bin/wine

linux-gate.so.1 =>  (0x55573000)
        libwine.so.1 => /usr/local/bin/../lib/libwine.so.1 (0x55577000)
        libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0x556f5000)
        libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0x5570e000)
        libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0x55871000)
        /lib/ld-linux.so.2 (0x55555000)

So far everything is working fine with ia32-libs.

Links to this post:
http://forums.bistudio.com/showthread.php?149892-ARMA-III-on-Linux-servers-via-WINE%2Fpage4
http://forum.winehq.org/viewtopic.php?f=8&t=19010

21 March 2013

367. Some post-install steps on Debian Wheezy/Testing

-- Skip from here --
I lasted 9 days with Arch linux on my laptop, and I have now switched it back to Debian. I've still got Arch on my 'household' computer that we use to watch TV on though -- it's a fine distro, just like debian is a fine distro -- but it's not suitable for the particular work I use my laptop for.

The reasons for switching back aren't that dramatic -- I use my laptop for work.

In particular, I use it to do
* (computationally) light work at home (editing papers, generating figures, analyzing data) and
* I use it to give seminar talks at other universities.

I got a bit frustrated with the number of packages I had to get via AUR, and even more frustrated over the quality of some of the PKGBUILDS. Not frustrated in a terribly bad way -- I appreciate the time and effort that some of the maintainers put it (e.g. gdis and gcc-gcj) -- but frustrated enough that I appreciate the quality and availability of the packages in the debian repos. I needed to sort out a few quick things before sending off a manuscript:
* generate a structure with avogadro, then generate a pov file in gdis, then render it in povray
* I also needed to extract a couple of pages from a pdf using pdftk and send them to a collaborator

That took all evening. Avogadro installs fine via the repos, as did povray. There's a small issue with upstreams version of povray 3.7 in that it doesn't create any conf file in ~/.povray/3.7/, and there's no actual help when running povray --help, but even worse was that it rendered incredibly slow. I've compiled 3.7 myself before and my experience using the Arch packages were very different in terms of performance.

I had some issues with building gdis using the AUR PKGBUILD (the maintainer was extremely responsive to feedback and kudos to him/her), and that added an extra 20-30 minutes.

There are two AUR pdftk versions -- I first tried pdftk, which relies on gcc-gcj which is another AUR package. gcc-gcj wouldn't build, but someone beat me to submitting feedback. Again, the maintainer of gcc-gcj is extremely responsive and the issue has already been resolved, less than a day after reporting it.

I ended up giving and installing pdftk-bin and it's dependency (a re-tooled debian package!) which went fine.

All this is really in line with the stated nature of Arch - Arch is bleeding edge and will give you the newest, shiniest stuff. Debian is focused on stability and reliability (all your bugs will remain constant) but offers a middle-ground between Arch and Debian Stable in Debian Testing. And while the shiniest, newest stuff is what I'm looking for in a household computer or a desktop box, I need to go for reliability on my work computer.

So that's why I'm going back on my laptop -- I want to make sure that if I need to pull in a package in an emergency it should go fast and without issue. I also don't want to risk doing a -Syu and ending up with a borked system the morning of a talk.

It's pretty similar to some of the reasons one finds in this remarkably civilised thread: http://forums.debian.net/viewtopic.php?f=3&t=61004

Like a lot of the respondents, I have to agree that the Arch wiki is amazing. In contrast, I've taken to never using the debian guides since they feel horribly out of date (probably because I'm on testing), and may not be that well-written.

Interesting observation: Debian Testing starts (from grub menu to log in prompt) in 9-10 s (SSD), while a fresh Arch install with systemd takes 25s.
-- to here --

Anyway. I Installed debian again on my laptop hdd (using this post: http://verahill.blogspot.com.au/2013/03/361-installing-debian-on-usb-stick-from.html) and these are some of the first steps I went through:

0. What I installed in the chroot step
The basics:
sudo apt-get install locales sudo vim aide grub-pc linux-base linux-image-3.2.0-4-amd64 wicd-curses mutt mcabber elinks rcconf gnome firmware-atheros firmware-iwlwifi firmware-ralink firmware-realtek locate dkms openssh-server wicd-gtk screen less conky nautilus-open-terminal lm-sensors acpi gawk

I also used adduser to create the new user to get proper .profile and .bashrc generated.

Post-chroot:
1. Disable services
Run rcconf to disable network-manager, bluetooth, speech-dispatcher

Do
sudo service network-manager stop
if it's running or you won't be able to use it to configure wicd-curses

First time you run wicd-curses, make sure to set Preferences and pick the right interfaces. Note that wicd only handles one wired and one wireless interface. For anything a bit more challenging, use /etc/network/interfaces directly.

2. ssh, .gnupg, BankID, conky
SSH
Copy .ssh/id_[dr]sa and id_[dr]sa.pub from old installation to ~/.ssh on new installation. Make sure to
chmod 700 ~/.ssh

GPG
mkdir ~/.gnupg
chmod og-rwx ~/.gnupg -R
Copy gpa.conf, gpg.conf, pubring.gpg, pubring.kbx, random_seed, secring.gpg, trustdb.gpg

BankID
mkdir .personal
chmod 700 ~/.personal
copy ~/.personal/config/Personal.cfg and ~/.personal/store/*.npg

Conky
copy /etc/conky/conky.conf

3. apt-file and bash completion
sudo apt-get install apt-file bash-completion
sudo apt-file update

4. Data analysis
sudo apt-get install gnuplot octave maxima

5. Chemistry
sudo apt-get install gdis pymol povray bkchem avogadro

6. TeX
texmake texlive-science texlive-publishers texlive-bibtex-extra texlive-fonts-recommended latex-cjk-common latex-cjk-chinese

7. Internet/Network
sudo apt-get install chromium gajim filezilla flashplugin-nonfree

8. Misc
sudo apt-get install gnucash kate pdftk inkscape gimp keepassx sinfo saidar guake

9. multiarch
sudo dpkg --add-architecture i386
sudo apt-get update

10. GNOME
sudo apt-get install gnome-tweak-tool

Icons
mkdir ~/tmp/faenza -p
cd ~/tmp/faenza
wget https://faenza-icon-theme.googlecode.com/files/faenza-icon-theme_1.3.zip
unzip faenza-sources_1.3.tar.gz
sudo cp Faenza -R /usr/share/icons

frippery extensions
cd ~
wget http://intgat.tigress.co.uk/rmy/extensions/gnome-shell-frippery-0.4.1.tgz
tar xvf gnome-shell-frippery-0.4.1.tgz

Do alt+f2, r
then use gnome-tweak-tool
select e.g. bottom panel, move clock, applications menu.

Change default browser:
System/Details/Default Applications -> Chromium

autostart guake-- create ~/.config/autostart/guake.desktop

[Desktop Entry]
Type=Application
Exec=/usr/bin/guake
Hidden=false
X-GNOME-Autostart-enabled=true
Name=guake
Comment=guake

Start guake in gnome, open preferences, and disable "Enable popup notification on startup"

autostart conky -- create ~/.config/autostart/conky.desktop
[Desktop Entry]
Type=Application
Exec=conky
Hidden=false
X-GNOME-Autostart-enabled=true
Name=conky
Comment=conky

11. Dropbox
cd ~/Downloads
sudo apt-get install python-gpgme
wget https://linux.dropbox.com/packages/debian/dropbox_1.6.0_amd64.deb
sudo dpkg -i dropbox_1.6.0_amd64.deb

11. Truecrypt
cd ~/Downloads
wget http://www.truecrypt.org/download/truecrypt-7.1a-linux-x64.tar.gz
tar xvf truecrypt-7.1a-linux-x64.tar.gz
sudo sh truecrypt-7.1a-setup-x64

12. Keyboard
Go to keyboard in system setttings, click on the shortcuts tab.
Under Launchers, click on Explorer next to Home Folder so that it says New Accelerator...
Do shift+ctrl+left arrow

Do the same for web browser, with ctrl+shift+down arrow

Click on the plus (+), and set
Name: gnome terminal
Command: gnome-terminal

Click on Apply. Click on Disabled and set the shortcut to ctrl+shift+arrow up.

Do the same for gEdit, with ctrl+shift+arrow right.

Go to System settings, Region and Language. Click on the Layout tab, then on the Options button in the bottom right corner. Expand Compose Key Options. Tick Right+Alt.

13. BankID
See http://verahill.blogspot.com.au/2013/02/341-upgradinginstalling-bankid-on-64.html

12. Virtualbox
sudo apt-get install virtualbox virtualbox-dkms virtualbox-guest-dkms

14. Thunderbird
http://verahill.blogspot.com.au/2013/01/326-compiling-thunderbird-1702-on.html
Install the following addons: enigmail, lightning, provider for google calendar
Go to File, new, new calendar, and paste the ICAL string for google calendar
To look up the ical string, go to gmail in a web browser, click on calendar, select your calendar, click on the ICAL button for the private calendar.

15. Firefox
http://verahill.blogspot.com.au/2013/03/365-compile-firefox-19-on-debian.html

16. screenrc and vimrc
Add to /etc/vim/vimrc:
set number
set pastetoggle=<F3>
set spell
set wrap

Add to /etc/screenrc:
termcapinfo xterm|xterms|xs|rxvt ti@:te@
caption always "%{+b rk}%H%{gk} |%c %{yk}%d.%m.%Y | %72=Load: %l %{wk}"
hardstatus alwayslastline "%?%{yk}%-Lw%?%{wb}%n*%f %t%?(%u)%?%?%{yk}%+Lw%"

17. Skype
sudo apt-get install pulseaudio

Edit ~/.asoundrc:
pcm.!default.type pulse
ctl.!default.type pulse

Go to skype.com, download and get skype for debian 7.0 (multiarch)
sudo dpkg -i skype-debian_4.1.0.20-1_i386.deb

It will fail
sudo apt-get install -f

and now everything works.

18. wine
sudo apt-get install wine clamav

19. Tools for chroot
sudo apt-get install debootstrap x11-xserver-utils
http://verahill.blogspot.com.au/2013/01/316-briefly-automated-chrootsandbox.html

20. Tools for Kernel compile

sudo apt-get install kernel-package fakeroot build-essential ncurses-bin

http://verahill.blogspot.com.au/2013/02/342-compiling-kernel-38-on-debian.html

21. Java support in browsers
Install the icedtea-plugin

22. Install apt-listbugs
If you're running testing you'll want to be aware of critical bugs before upgrading each time. Luckily apt-listbugs does that for you if installed -- it's run during each apt-get update if it is installed:
sudo apt-get install apt-listbugs

Links to this post:
http://schultkl.blogspot.fr/2013/06/configuring-debian-gnulinux-7-wheezy.html

366. nspluginwrapper on debian testing/wheezy

I only recently realised that nspluginwrapper wasn't in the debian wheezy/testing repos -- and it is absolutely necessary if you want to get BankID to work (here and here).

The easiest way to install nspluginwrapper in debian is to enable the stable repos. E.g. on my wheezy laptop I have the following /etc/apt/sources.list:

deb http://ftp.au.debian.org/debian/ wheezy main contrib non-free
deb http://ftp.au.debian.org/debian/ squeeze main contrib non-free

While normally you shouldn't mix different repos without some pretty strict apt-pinning policies, this works since apt automatically pulls in the newest version of each package -- and that'd be the package in wheezy which is the distro I'm using.

If that still makes you nervous, the second easiest option is simply to compile nspluginwrapper yourself. It's complicated a little bit by bug 682678.

sudo apt-get install libc6-dev-i386 g++-multilib checkinstall libglib2.0-dev build-essential libgtk2.0-dev libcurl4-gnutls-dev libxt-dev
mkdir ~/tmp
cd ~/tmp
wget http://nspluginwrapper.org/download/nspluginwrapper-1.4.4.tar.gz
tar xvf nspluginwrapper-1.4.4.tar.gz
cd nspluginwrapper-1.4.4/
./configure
make
sudo checkinstall

Error 1:
make fails with complaints about

/usr/include/features.h -> bits/predefs.h

It's fixed by installig libc6-dev-i386

Error 2:
make fails with a message about

skipping incompatible libsupc++.a

It's fixed by installing g++-multilib

19 March 2013

363. Generating an image in PyMol

For some reason I needed to quickly generate a publication quality figure of a protein.

Deep View (SWiss PDB viewer) isn't available for linux anymore, and the old versions rely on 32 bit libs (which is increasingly a headache on debian). Rasmol is a classic, but I haven't used it properly since 1997 -- and all attempts at exporting png, jpg etc. failed on my debian wheezy box.

Jmol is awesome, and while I managed to make some pretty convincing figures I never quite got to where I wanted.

So I tried pymol

Pymol, like rasmol and jmol, has a visual interface which can be controlled via an integrated terminal. The learning curve is steep, but it's quick and easy to make figures once you've got the basics.

Install pymol from the repos in debian:
sudo apt-get install pymol

(on Archlinux you can get it via AUR -- you'll need to install python-pmw first)

Download 1SU4.pdb from here http://www.rcsb.org/pdb/explore.do?structureId=1su4

In the directory where your pdb file is, do

pymol 1SU4.pdb

select helices, chain A

Click on the A(ction) by (helices), select preset/publication.

select calcium, (res 995-996)
show spheres, calcium

Note that 'helices' and 'calcium' are just handles or aliases that I made up.

alter calcium, vdw=5
show spheres, calcium

color purple calcium
bg_color white

set antialias=1
set sphere_mode=5

where sphere_mode 5 means shading.

ray 1000,1000

save 1SU4.png

And here's the final figure:

15 March 2013

359. Installing Scientific Linux (CentOS, RHEL) via a chroot in a running debian installation

This is a fun post. I've got a small server and I'd like to put Scientific Linux on it. I figure that between using Arch on my laptop, and Debian on my beowulf cluster, my work desktop, my home desktop and on another two laptops what I really need is to become a bit more proficient in the use of RHEL clones.

I've settled on Scientific Linux since I encounter that more often than CentOS.

My mini server lacks any form of video interface though, so the easiest solution is to take out the harddrive and install Scientific Linux via a USB tether and a chroot, similar to how things are done when making standard installs of Arch or Gentoo (it's all coming together...)

In a future post I'll write up how to install debian via a running debian system and a chroot (hint: debootstrap).

Anyway.

1. Install yum on your debian system
sudo apt-get install yum

2. Set up the Scientific Linux repos for yum on your debian system
Because it's easier, we'll disable gpg check.

If you're target is a 32 bit box, change x86_64 to i386 (my little server runs a 32 bit atom cpu and I screwed this up once)

Create /etc/yum/repo.d/sl.repo


[sl]
name=Scientific Linux 6.3 - x86_64
baseurl=http://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/os/
        http://ftp1.scientificlinux.org/linux/scientific/6.3/x86_64/os/
        http://ftp2.scientificlinux.org/linux/scientific/6.3/x86_64/os/
        ftp://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/os/

enabled=1
gpgcheck=0

[sl-security]
name=Scientific Linux 6.3 - x86_64 - security updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/
        http://ftp1.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/
        http://ftp2.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/
        ftp://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/
enabled=1
gpgcheck=0

Test that everything is working by running

yum repolist

sl                                                                  | 3.2 kB     00:00     
sl-security                                                         | 1.9 kB     00:00     
repo id       repo name                                             status
sl            Scientific Linux 6.3 - x86_64                         enabled: 6,399
sl-security   Scientific Linux 6.3 - x86_64 - security updates     enabled: 1,584
repolist: 7,983

It might take 60 s before you get any feedback, so don't interrupt the command.

3. Mount your external harddrive

mkdir $HOME/tmp/jail -p
sudo mount /dev/sdb1 $HOME/tmp/jail

assuming of course that /dev/sdb1 is your intended root partition (see the arch and gentoo install guides for examples of how to use fdisk)

4. Install a basic system on your mounted harddrive

sudo yum --installroot=$HOME/tmp/jail install bash sl-release coreutils yum iputils vim

5. Chroot your mounted harddrive

sudo cp /etc/resolv.conf $HOME/tmp/jail/etc/resolv.conf
sudo cp /etc/yum/repos.d/* /$HOME/tmp/jail/etc/yum.repos.d/
sudo mount -t proc none $HOME/jail/proc
sudo mount --bind /sys $HOME/tmp/jail/sys
sudo mount --bind /dev $HOME/tmp/jail/dev
sudo chroot $HOME/tmp/jail

bash-4.1# head -n 1 /etc/issue.net
Scientific Linux release 6.3 (Carbon)
bash-4.1# ping -c 1 google.com
PING google.com (74.125.237.98) 56(84) bytes of data.
64 bytes from syd01s12-in-f2.1e100.net (74.125.237.98): icmp_seq=1 ttl=51 time=16.0 ms

We are now working in Scientific Linux. Sure, we're still using the debian kernel, but everything else is from the SL repos:

First set up /etc/fstab. I normally do

blkid > /etc/fstab

and then edit it. In this case I ended up with:


UUID=45495a62-a141-4033-a739-8063f0e80a56       /       ext4    errors=remount-ro,user_xattr   0 1
UUID=6dc86d8d-0ad6-4574-8dea-9d28b0151362       none    swap    sw      0 0

Install everything we need to boot our new system and make it run:

yum install kernel openssh-clients openssh-server passwd dhclient

Important:

passwd

If you don't set a password you can't log in.

A. Grub legacy -- I couldn't make this work; see B

yum install grub

Make the system bootable (the first command is so that df works)

grep -v rootfs /proc/mounts > /etc/mtab
grub-install --no-floppy /dev/sdb

grub-install --no-floppy /dev/sdb
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

(fd0)   /dev/fd0
(hd0)   /dev/sda
(hd1)   /dev/sdb

The last command took a LONG time without any visual feedback until the very end.

Create a /boot/grub/grub.conf file:


default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
title Scientific Linux (2.6.32-358.2.1.el6.x86_64)
       root (hd0,0)
       kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=UUID=45495a62-a141-4033-a739-8063f0e80a56
       initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img

B. Grub2 -- this worked perfectly for me
Grub and I don't play well together. I'm more at home with grub2 which..well..allows for a bit of stupidity. After spending a fair amount of time trying to figure out grub (legacy) I gave up and did the following:

yum install wget diffutils bison gcc gcc-c++ kernel-devel flex freetype-devel make fuse-libs fuse-devel 
cd /tmp
wget ftp://ftp.gnu.org/gnu/grub/grub-2.00.tar.gz
tar xvf grub-2.00.tar.gz
cd grub-2.00/
./configure
make
make install
grub-mkconfig -o /boot/grub/grub.cfg
yum erase grub
grub-install /dev/sdb

Set up the following files:

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=science!

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

If you want static inet instead, do

DEVICE=eth0
HWADDR=D4:AE:52:71:79:14
IPADDR=10.1.1.1
NETMASK=255.255.0.0
BOOTPROTO=none
ONBOOT=yes
MTU=1500
TYPE=Ethernet

You're now ready to exit the chroot, unmount everything and reboot. Things to do after the first reboot include setting up a user (useradd -m verahill) and install sudo.
Anyway, there are plenty of guides online for that...

I tried this on physical hardware, and it works Since the box is headless I only had ssh access, setting up proper rules in /etc/udev/rules.d/ was important so that I could configure the network via /etc/sysconfig/network-scripts files before putting the drive back in the server.

/etc/udev/rules.d/70-persistent-net.rules

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:b6:2a:a9:30", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:b6:2a:a9:31", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

This is a headless box (no graphics card, no vga output -- only a serial port), but I wanted to be able to use for a student to use gnuplot etc. in a pinch.

sudo yum install xorg-x11-server-Xvfb xorg-x11-server-Xorg

To set up keyword-less key-based ssh log in, edit /etc/ssh/sshd_config and uncomment

AuthorizedKeysFile .ssh/authorized_keys

mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 644 ~/.ssh/authorized_keys

Done.

28 February 2013

348. Using the official firefox 19 binary on debian testing/wheezy

UPDATE 20/3/2013: installing a system from scratch I'm having issues with xulrunner-10.0:i386, since it pulls in libstartup-notification0:i386 which causes all sorts of headaches (uninstalls xulrunner-10.0 and everything it depends on)

This post made me realise that installing the pre-built firefox binary isn't as straight-forward as one might like. A small nuisance is that the getfirefox.com versoin is only 32 bit, but that's life.

Here we go.

Download the standard binary version of firefox from here:
http://www.mozilla.org/en-US/firefox/new/?from=getfirefox

You can install it wherever you want, but I'm going for a local installation. Put the firefox-19.0.tar.bz2 in your home folder and untar it:

tar xvf firefox-19.0.tar.bz2
cd ~/firefox/
./firefox

If you get

bash: ./firefox: No such file or directory

then you are missing 32 bit compatibility libraries:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs
sudo apt-get install xulrunner-10.0:i386

To get flash set up you'll need the 32 bit version. Download the 32 bit version from http://get.adobe.com/flashplayer/?no_redirect

mkdir ~/.mozilla/plugins -p
mv ~/Downloads/install_flash_player_11_linux.i386.tar.gz ~/firefox
cd ~/firefox/
tar xvf install_flash_player_11_linux.i386.tar.gz
cp libflashplayer.so ~/.mozilla/plugins/libflashplayer.so

And that should leave you with a working firefox versions. Note that running 'firefox' as a command will invoke iceweasel if installed. To get around that you can e.g. do

echo "alias ffox='$HOME/firefox/./firefox'" >> ~/.bashrc
source ~/.bashrc

after which you can launch firefox by running ffox form the terminal. A standard installation would be to put everything in /opt and set up a .desktop file -- but there's plenty of guides to how to do that.

27 February 2013

346. Tripwire -- keeping an eye on important files

The whole UEFI/Secure Boot debacle lead me to this post: http://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/

In the comments section 'rhavenn' wrote this in passing: " ...by taking a SHA512 hash of your kernel, offloading that to a 3rd party and occasionally verifying the hash. It's nothing tripwire or any other software hasn't been doing for ages. "

Which lead me to check if tripwire was in the debian repos -- and it is.
UPDATE: You can also checkout 'aide' which is also in the repos.

Given how I use my work computers I'm more concerned with disk corruption than infection by malicious code, but as someone who goes through the occasional airport, and with it the potential risk of having to hand over my laptop (never happened so far), I do see a the use for tripwire. Also, in spite of the almost complete lack of viruses in the wild for linux, one should never be complacent (just look at OS X). Besides, learning new things is always a good thing.

Although to be fair, what tripwire does is what most (decent) antivirus programs also do.

Here's how to get set up with tripwire.

Installation

sudo apt-get install tripwire

You'll be asked to answer a series of questions:

Tripwire uses a pair of keys to sign various files, thus ensuring their unaltered state. By acceptin here, you will be prompted for the passphrase for the first of those keys, the site key, during the installation. You are also agreeing to create a site key if one doesn't exist already. Tripwire uses the site key to sign files that may be common to multiple systems, e.g. the configuration & policy files. See twfiles(5) for more information. Unfortunately, due to the Debian installation process, there is a period of time where this passpgrase exists in an unencrypted format. Were an attacker to have access to your machine during this period, he could possibly retrieve your passphrase and use it at some later point. If you would rather not have this exposure, decline here. You will then need to create a site key, configuration file & policy file by hand. See twadmin(8) for more information. Do you wish to create/use your site key passphrase during installation?

Tripwire keeps its configuration in a encrypted database that is generated, by default, from /etc/tripwire/twcfg.txt Any changes to /etc/tripwire/twcfg.txt, either as a result of a change in this package or due to administrator activity, require the regeneration of the encrypted database before they will take effect. Selecting this action will result in your being prompted for the site key passphrase during the post-installation process of this package. Rebuild Tripwire configuration file?

Tripwire uses two different keys for authentication and encryption of files. The site key is used to protect files that could be used across several systems. This includes the policy and configuration files. You are being prompted for this passphrase either because no site key exists at this time or because you have requested the rebuilding of the policy or configuration files. Remember this passphrase; it is not stored anywhere! Enter site-key passphrase:

Tripwire uses two different keys for authentication and encryption of files. The local key is used to protect files specific to the local machine, such as the Tripwire database. The local key may also be used for signing integrity check reports. You are being prompted for this passphrase because no local key file currently exists. Remember this passphrase; it is not stored anywhere! Enter local key passphrase:

Tripwire has been installed The Tripwire binaries are located in /usr/sbin and the database is located in /var/lib/tripwire. It is strongly advised that these locations be stored on write-protected media (e.g. mounted RO floppy). See /usr/share/doc/tripwire/README.Debian for details.

Initialise the database:

sudo tripwire -m i

Please enter your local passphrase: 
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
[..]
### Warning: File system error.
### Filename: /proc/30401/task/30401/fdinfo/4
### No such file or directory
### Continuing...
[..]
The object: "/proc/fs/nfsd" is on a different file system...ignoring.
The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring.
[..]
Wrote database file: /var/lib/tripwire/beryllium.twd
The database was successfully generated.

Checking a single file:

sudo tripwire -m c /bin/ls

Integrity checking objects specified on command line...
Wrote report file: /var/lib/tripwire/report/beryllium-20130227-141840.twr


Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            Wed Feb 27 14:18:40 2013
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    beryllium
Host IP address:              192.168.1.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/beryllium.twd
Command line used:            tripwire -m c /bin/ls 

===============================================================================
Rule Summary: 
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified 
  ---------                       --------------    -----    -------  -------- 
  Root file-system executables    100               0        0        0        
  (/bin)

Total objects scanned:  1
Total violations found:  0

===============================================================================
Object Summary: 
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report: 
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc.
Integrity check complete.

As a cronjob:
You can also just run

sudo tripwire -m c

in which case your system will be checked.

I would guess that putting this as a cronjob to run once per week would be the intended way of using tripwire. Edit /etc/crontab and put


0 22    * * 7   root    tripwire -m c

Update: Tripwire on debian puts a file in /etc/cron.daily

20 February 2013

342. Compiling Kernel 3.8 on Debian Testing/Wheezy

NOTE: It seems like series 3.8 has issues with intel (i915) graphics -- it occasionally generates kworker threads that causes unresponsiveness as seen by slow mouse and keyboard response when e.g. plugging or unplugging mains power. No issues on e.g. nvidia though.
http://verahill.blogspot.com.au/2013/03/368-slow-mouse-and-keyboard-triggered.html
http://forums.gentoo.org/viewtopic-p-7278760.html
https://bbs.archlinux.org/viewtopic.php?pid=1248190

Post:

Kernel 3.8 is out now. Not much to say -- the compilation works well using the standard method. The compressed kernel is about 81 Mb to download.

The approach below shows how to compile the kernel on Debian. If you're interested in a more generic approach, see this post: http://verahill.blogspot.com.au/2013/02/344-compile-kernel-38-without-using-kpkg.html

NOTE: kernel 3.8 -- in contrast to the 3.7 series -- now compiles fine on AMD FX 8150.

NOTE: kernel 3.8 plays well with nvidia dkms

Here we go:

sudo apt-get install kernel-package fakeroot build-essential ncurses-dev
mkdir ~/tmp
cd ~/tmp
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.8.tar.bz2
tar xvf linux-3.8.tar.bz2
cd linux-3.8/
cat /boot/config-`uname -r`>.config
make oldconfig

You will be asked a lot of questions -- how many depends on what version you upgrade from. If in doubt, pick the default answer (i.e. hit enter). If really in doubt, use google.

Then continue:

make-kpkg clean

make menuconfig

if you want to make any specific changes to the kernel (e.g. add support for certain devices)

Then continue:

time fakeroot make-kpkg -j4 --initrd kernel_image kernel_headers

As usual 4 is the number of threads you wish to launch -- make it equal to the number of cores that you have for optimum performance during compilation (more about that here).

The build takes around 20 minutes on a four-core intel i5-2400 with -j4, and 14 minutes on an fx-8150 with -j8 (96 minutes with -j1).

Install:

sudo dpkg -i ../linux-image-3.8.0_3.8.0-10.00.Custom_amd64.deb ../linux-headers-3.8.0_3.8.0-10.00.Custom_amd64.deb

New stuff/Questions:

Offload RCU callback processing from boot-selected CPUs (RCU_NOCB_CPU) [N/y/?] (NEW) *
Memory placement aware NUMA scheduler (NUMA_BALANCING) [N/y/?] (NEW) *
Enable to assign a node which has only movable memory (MOVABLE_NODE) [N/y/?] (NEW)
Allow for memory hot-add (MEMORY_HOTPLUG) [Y/n] y
Allow for balloon memory compaction/migration (BALLOON_COMPACTION) [Y/n/?] (NEW)
Set default setting of cpu0_hotpluggable (BOOTPARAM_HOTPLUG_CPU0) [N/y/?] (NEW
Debug CPU0 hotplug (DEBUG_HOTPLUG_CPU0) [N/y/?] (NEW)
ACPI tables can be passed via uncompressed cpio in initrd (ACPI_INITRD_TABLE_OVERRIDE) [N/y/?] (NEW)
Support multiple cpuidle drivers (CPU_IDLE_MULTIPLE_DRIVERS) [N/y/?] (NEW)
"NOTRACK" target support (DEPRECATED) (NETFILTER_XT_TARGET_NOTRACK) [N/m] (NEW

Default SCTP cookie HMAC encoding
  > 1. Enable optional MD5 hmac cookie generation (SCTP_DEFAULT_COOKIE_HMAC_MD5) (NEW)
    2. Enable optional SHA1 hmac cookie generation (SCTP_DEFAULT_COOKIE_HMAC_SHA1) (NEW)
    3. Use no hmac alg in SCTP cookie generation (SCTP_DEFAULT_COOKIE_HMAC_NONE) (NEW)
  choice[1-3?]:   Enable optional MD5 hmac cookie generation (SCTP_COOKIE_HMAC_MD5) [Y/?] (NEW) y

Enable optional SHA1 hmac cookie generation (SCTP_COOKIE_HMAC_SHA1) [N/y/?] (NEW) *
Enable optional MD5 hmac cookie generation (SCTP_COOKIE_HMAC_MD5) [Y/?] (NEW) y
Distributed ARP Table (BATMAN_ADV_DAT) [N/y/?] (NEW)
Kvaser CAN/USB interface (CAN_KVASER_USB) [N/m/?] (NEW)
LSI MPT Fusion SAS 3.0 Device Driver (SCSI_MPT3SAS) [N/m/?] (NEW)
Chelsio Communications FCoE support (SCSI_CHELSIO_FCOE) [N/m/?] (NEW) *
Marvell 88E6060 ethernet switch chip support (NET_DSA_MV88E6060) [N/m/y/?] (NEW)
Marvell 88E6085/6095/6095F/6131 ethernet switch chip support (NET_DSA_MV88E6131) [N/m/y/?] (NEW)
Marvell 88E6123/6161/6165 ethernet switch chip support (NET_DSA_MV88E6123_61_65) [N/m/y/?] (NEW) *
Cadence devices (NET_CADENCE) [Y/n/?] (NEW)
AT91RM9200 Ethernet support (ARM_AT91_ETHER) [N/m/y/?] (NEW)
Cadence MACB/GEM support (MACB) [N/m/y/?] (NEW)
Broadcom devices (NET_VENDOR_BROADCOM) [Y/?] y
Marvell MDIO interface support (MVMDIO) [N/m/y/?] (NEW)
CDC MBIM support (USB_NET_CDC_MBIM) [N/m/?] (NEW)
Atheros Wireless Cards (ATH_CARDS) [N/m/?] (NEW)
Atheros AR5523 wireless driver support (AR5523) [N/m/?] (NEW)
Wilocity 60g WiFi card wil6210 support (WIL6210) [N/m/?] (NEW) *
Realtek RTL8723AE PCIe Wireless Network Adapter (RTL8723AE) [N/m/?] (NEW)
ARC UART driver support (SERIAL_ARC) [N/m/y/?] (NEW) *
CBUS I2C driver (I2C_CBUS_GPIO) [N/m/?] (NEW)
TS-5500 DIO blocks and compatibles (GPIO_TS5500) [N/m/y/?] (NEW) 
TI BQ2415x battery charger driver (CHARGER_BQ2415X) [N/m/?] (NEW)
Board level reset or power off (POWER_RESET) [N/y/?] (NEW) *

 Default Thermal governor
  > 1. step_wise (THERMAL_DEFAULT_GOV_STEP_WISE) (NEW)
    2. fair_share (THERMAL_DEFAULT_GOV_FAIR_SHARE) (NEW)
    3. user_space (THERMAL_DEFAULT_GOV_USER_SPACE) (NEW)
  choice[1-3?]:   Fair-share thermal governor (FAIR_SHARE) [N/y/?] (NEW)

Step_wise thermal governor (STEP_WISE) [Y/?] (NEW) y
User_space thermal governor (USER_SPACE) [N/y/?] (NEW)
SSB GPIO driver (SSB_DRIVER_GPIO) [N/y/?] (NEW) *
BCMA GPIO driver (BCMA_DRIVER_GPIO) [N/y/?] (NEW)
Support for Realtek PCI-E card reader (MFD_RTSX_PCI) [N/m/y/?] (NEW)
TI ADC / Touch Screen chip support (MFD_TI_AM335X_TSCADC) [N/m/y/?] (NEW)
Support for Nano River Technologies Viperboard (MFD_VIPERBOARD) [N/m/?] (NEW)
Support for Retu multi-function device (MFD_RETU) [N/m/?] (NEW) *
Maxim MAX8973 voltage regulator  (REGULATOR_MAX8973) [N/m/?] (NEW)
TI TPS51632 Power Regulator (REGULATOR_TPS51632) [N/m/?] (NEW)
Siano SMS1xxx based MDTV receiver (SMS_USB_DRV) [N/m/?] (NEW)
Siano SMS1xxx based MDTV via SDIO interface (SMS_SDIO_DRV) [N/m/?] (NEW)   *
Stanton Control System 1 MIDI (SND_SCS1X) [N/m/?] (NEW) *
ION iCade arcade controller (HID_ICADE) [N/m/?] (NEW)
HID over I2C transport layer (I2C_HID) [N/m/?] (NEW) *
Renesas R-Car USB phy support (USB_RCAR_PHY) [N/m/?] (NEW)   *
SDHCI support for ACPI enumerated SDHCI controllers (MMC_SDHCI_ACPI) [N/m/?] (NEW)
NXP PCF8523 (RTC_DRV_PCF8523) [N/m/?] (NEW)
Philips PCF8563/Epson RTC8564 (RTC_DRV_PCF8563) [M/n/?] m
Userspace platform driver with generic irq and dynamic memory (UIO_DMEM_GENIRQ) [N/m/?] (NEW)
Microsoft Hyper-V Balloon driver (HYPERV_BALLOON) [N/m/?] (NEW) *
SystemBase PCI Multiport UART (SB105X) [N/m/y/?] (NEW)
TTY over Firewire (FIREWIRE_SERIAL) [N/m/?] (NEW) *
F2FS filesystem support (EXPERIMENTAL) (F2FS_FS) [N/m/y/?] (NEW) *
Enable CIFS debugging routines (CIFS_DEBUG) [Y/n/?] (NEW)
Simplified Mandatory Access Control Kernel Support (SECURITY_SMACK) [N/y/?] (NEW)
Camellia cipher algorithm (x86_64/AES-NI/AVX) (CRYPTO_CAMELLIA_AESNI_AVX_X86_64) [N/m/y/?] (NEW)

Links to this post:
http://forum.notebookreview.com/lenovo/575569-linux-x220-41.html
http://www.reddit.com/r/CrunchBang/comments/196zx5/whats_the_best_way_to_install_a_new_kernel_in/
http://www.lubuntu.ru/forum/viewtopic.php?t=1125
http://forums.linuxmint.com/viewtopic.php?f=143&p=711457
https://www.linux.org.ru/forum/linux-install/9128362
http://stackoverflow.com/questions/16573913/compile-new-kernel-on-debian-wheezy
http://crunchbang.org/forums/viewtopic.php?id=26825
http://mygoodluck.org/debian-obnovil-yadro-do-38

19 February 2013

341. Upgrading/installing BankID on 64 bit linux

Note: the post below is aimed at installing BankID on Debian (should be ok for ubuntu/mint too). For Arch Linux, see here (item 16)

There are a few ways to get around the rotten behaviour of bankid. This is one of them:

NOTE: to install nspluginwrapper you need to enable the stable/squeeze repos by e.g. adding

deb http://ftp.au.debian.org/debian/ squeeze main contrib non-free

to your /etc/apt/sources.list.

That's normally reasonably safe since apt by default pulls in the newest package and I haven't had any issues. Just be careful though.

You can also install nspluginwrapper by compiling it as shown here: http://verahill.blogspot.com.au/2013/03/366-nspluginwrapper-on-debian.html

Note that there's a FOSS alternative in Fribid (http://verahill.blogspot.se/2012/02/debian-testing-wheezy-64-fribid-as.html) which seems to be working perfectly -- and if you can use it, use it. The main limitation is that in practice you'll have to collect your certificate/ID with it, since newer versions of BankID saves the ID in an incompatible format. Like many foreigners, I don't have the opportunity to visit Sweden for the sole sake of picking up a new ID, so I'm stuck with BankID. But you may not be.

0. Things to install:

sudo apt-get install iceweasel nspluginwrapper ia32-libs

1. Download BankID and uninstall any previous installations

cd ~/Downloads
mkdir bankid
cd bankid
wget https://install.bankid.com/Download?defaultFileId=Linux -O bankid.tar.gz
tar xvf bankid.tar.gz
cd BISP-4.19.1.11663/
sudo sh install.4.19.1.11663.sh u

2. If you're upgrading, make sure to remove any previous libplugins.so

sudo updatedb && locate libplugins.so

/home/me/Downloads/bankid/BISP-4.19.1.11663/libplugins.so
/usr/lib/mozilla/plugins/libplugins.so
/usr/lib/mozilla/plugins/npwrapper.libplugins.so
/usr/lib/nspluginwrapper/plugins/npwrapper.libplugins.so

sudo nspluginwrapper -r /usr/lib/mozilla/plugins/npwrapper.libplugins.so
sudo rm /usr/lib/mozilla/plugins/libplugins.so
sudo rm /usr/lib/nspluginwrapper/plugins/npwrapper.libplugins.so

3. Install the new version

sudo sh install.4.19.1.11663.sh i

Installing BankID Security Application
ln: failed to create symbolic link `/usr/lib/firefox-addons/plugins': No such file or directory
WARNING: Failed installing plugin for Firefox 3. Manually add symlink to libplugins.so in your Firefox 3 plugin directory if this browser is to be used.
Installation complete.
sudo nspluginwrapper --install /usr/local/lib/personal/libplugins.so

4. Test your installation
Don't bother with test.bankid.com since the idiots won't let you test anything that identifies itself as 64 bit (more about that later). Instead

go to http://www.skatteverket.se
click on personbevis
log in. This should work

5. Testing against test.bankid.com
Everything is in working order but for some idiotic reason bankid.com won't even allow you to test you fancy new 64 bit installation -- and it all boils down the useragent string in iceweasel/firefox identifying itself as running on a 64 bit system (paradoxically, a real 32 bit browser running in a chroot won't work either since the kernel is 64 bit -- in schroot you can use personality=linux32 to get around it, but good luck dealing with the massive memory leaks).

Anyway,

open your iceweasel browser
type in about:config in the address bar
promise that you'll be careful
right-click on the page, select New, String
In the first box, type general.useragent.override
In the second box paste Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Iceweasel/10.0.12

You can now go to https://test.bankid.com. I find this a bit humiliating though, and you can use bankid everywhere but bankid.com without having to set the useragent to identify your system as being i686.

If you're having issues, the first thing to check is about:plugins in firefox:

20 January 2013

323. Wine 1.5.22 on Debian Testing/Wheezy. Compiling using multiarch

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

Another update: It seems like your mileage in terms of how well Wine will work for you will vary using this method. It works fine for me and I suspect it's because I've built earlier Wine versions of my systems and have ia32-libs-dev installed. This package is no longer available in Testing. ia32-libs installs the libs you need, but does not provide symlinks between .so and .so.X files -- you can probably do that by hand if necessary though. It's not for beginners.

An additional thing to remember is that the 1.5 series of Wine is a development series -- 1.4 is the stable series which is meant for end users. Progress made in 1.5 will be included in 1.6.

NOTE: there are a couple of issues, and they will depend on how your system is set up.
* libosmesa6-dev:i386 will require mesa-common-dev:i386 which will remove libosmesa6-dev:amd64 and more, which is bad.
* libglu1-mesa-dev:i386 depends on libgl1-mesa-dev:i386 which will remove libgl1-mesa-dev:amd64 and more, which is bad.
* libgstreamer-plugins-base0.10-dev:i386 depends on libgstreamer0.10-dev:i386 which depends on gir1.2-gstreamer-0.10:i386 which depends on gir1.2-freedesktop:i386 which depends on gir1.2-glib-2.0:i386 which depends on libgirepository-1.0-1:i386 which will remove a whole lot of packages (132 on one of my systems, including gnome, gdm3 etc.)

I'm working on figuring out what's triggering this on some systems but not others.
In the mean time see http://verahill.blogspot.com.au/2013/01/308-compiling-wine-1521-on-debian.html to see how to build wine in a chroot, which is safe. You can then install that .deb package on your normal system and HOPEFULLY there won't be any broken dependencies. You won't need the -dev:i386 packages on the install target.

ldd `which wine` 

linux-gate.so.1 =>  (0x55573000)
 libwine.so.1 => /usr/local/lib/libwine.so.1 (0x55576000)
 libpthread.so.0 => /lib32/libpthread.so.0 (0x556ec000)
 libc.so.6 => /lib32/libc.so.6 (0x55705000)
 libdl.so.2 => /lib32/libdl.so.2 (0x55867000)

so you really don't seem to need much in the way of shared libs installed.

A new incremental version of wine is out.

There's little difference between building 1.5.21 and 1.5.22 but here it is anyway. The build is very easy on an up-to-date installation of Testing/Wheezy. If you are on stable, the list over needed packages can be found in this post.

See here for recent changes between different Wine versions: http://linux.softpedia.com/progChangelog/Wine-Changelog-148.html

Compiling

sudo dpkg --add-architecture i386
sudo apt-get update

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 libcurl4-openssl-dev:i386 gettext prelink bzip2 bison flex oss4-dev checkinstall ocl-icd-libopencl1:i386 opencl-headers gcc-multilib

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.22.tar.bz2
tar xvf wine-1.5.22.tar.bz2
cd wine-1.5.22/
./configure

config.status: executing include/wine commands
config.status: executing Makefile commands


configure: Finished.  Do 'make' to compile Wine.

time make -j4
sudo checkinstall --install=no

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@lithium ]
1 -  Summary: [ wine 1.5.22 ]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.22 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ amd64 ]
8 -  Source location: [ wine-1.5.22 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]
[..]
Copying files to the temporary directory...

sudo dpkg -i wine_1.5.22-1_amd64.deb

where 4 is the number of cores on your build machine (see here and here for -jN). The build took 13 minutes on a three-core AMD Athlon II X3 445 (3.1 GHz) with -j4. The 'Copying files to...' can take quite a while, so let it run to completion.

Anyway, that's it. An easy build.

Pages